Hunting the thieves behind a rash of six-figure wine heists ... “They’re not crawling under laser beams or anything. They’re using sledgehammers and crowbars. But they know what wine they want. This is wine stolen to order.” ... The FBI thinks so, too. The agency’s San Francisco bureau has been tracking the crimes for similarities. The thefts usually occur over a holiday, when the targeted restaurant is closed. Only certain types of wine are taken–usually French or Californian, priced at thousands of dollars a bottle. ... A wine theft is notoriously hard to investigate. It’s often compared to an art heist, because once a bottle is stolen it usually makes its way through a series of black market dealers before winding up in somebody’s private collection, where it remains unseen for years. But unlike art, if stolen wine does resurface, it’s difficult to prove what it is or where it came from. ... Downey trained as a sommelier before becoming a part-time wine fraud investigator. For the past 10 years she has been on a one-woman crusade to rid the wine industry of counterfeit and stolen wine. And there’s a lot of it out there. The French newspaper Sud Ouest estimates that 20 percent of wine sold in the world is either fake or stolen; Wine Spectator puts it at around 5 percent.
The Dread Pirate Roberts, head of the most brazen drug trafficking site in the world, was a walking contradiction. Though the government says he raked in $80 million in commissions from running Silk Road, he allegedly lived under a false name in one bedroom of a San Francisco home that he shared with two other guys and for which he paid $1,000 a month in cash. Though his alleged alter ego penned manifestos about ending "violence, coercion, and all forms of force," the FBI claims that he tried to arrange a hit on someone who had blackmailed him. And though he ran a site widely assumed to be under investigation by some of the most powerful agencies in the US government, the Dread Pirate Robert appears to have been remarkably sloppy—so sloppy that the government finally put a name to the peg leg: Ross William Ulbricht.
At 400 pounds, with an unruly white beard and mane, he looked like Santa Claus, talked like a bricklayer and lived like a 1-percenter. ... Blazer's big secret, as he looked down on the Manhattan streets, seems so obvious now: He had embezzled his fortune through kickbacks and bribes. And the people who would uncover the scam were with him today, in his apartment, about to dispatch him to take down FIFA. ... There has never been anything quite like the FBI's investigation into global soccer, which resulted in a series of high-profile arrests starting in May 2015. But so far, only the barest outline of the case has been made public. Wiretaps and classified debriefings remain under seal, as do the identities of confidential informants and the grand jury proceedings that have left 25 FIFA officials facing criminal charges. ... He'd attended its meetings when he was with the USSF, and he knew it was a sleepy FIFA subsidiary laden with aging bureaucrats. He also knew it was just the place to make his name, so he schemed to field his own candidate for the confederation's presidency, Jack Warner, a former Trinidadian schoolteacher who was a rising political star in the Caribbean soccer world. Through Warner, Blazer would secure his own ascent.
One Thursday in January 2001, Maksym Igor Popov, a 20-year-old Ukrainian man, walked nervously through the doors of the United States embassy in London. While Popov could have been mistaken for an exchange student applying for a visa, in truth he was a hacker, part of an Eastern European gang that had been raiding US companies and carrying out extortion and fraud. A wave of such attacks was portending a new kind of cold war, between the US and organized criminals in the former Soviet bloc, and Popov, baby-faced and pudgy, with glasses and a crew cut, was about to become the conflict’s first defector. ... The once-friendly FBI agents threw Popov in an isolation room, then returned an hour later with a federal prosecutor, a defense attorney, and a take-it-or-leave-it offer: Popov was going to be their informant, working all day, every day, to lure his crime partners into an FBI trap. If he refused, he’d go to prison. ... Popov was shocked. He’d been played for a durak—a fool. He was placed under 24-hour guard at an FBI safe house in Fair Lakes, Virginia, and instructed to talk to his friends in Russian chat rooms while the bureau recorded everything. But Popov had some tricks of his own. He pretended to cooperate while using Russian colloquialisms to warn his associates that he’d been conscripted into a US government sting. ... There seemed no escape from a future of endless jail cells and anonymous American courtrooms. ... Except that in a backwater FBI office in Santa Ana, California, an up-and-coming agent named Ernest “E. J.” Hilbert saw that the government needed Popov more than anyone knew. ... They called the operation Ant City. Now that he was back online, Popov adopted a new identity and began hanging out in underground chat rooms and posting on CarderPlanet, portraying himself as a big-time Ukrainian scammer with an insatiable hunger for stolen credit cards. ... One thing Popov had always known about Eastern European hackers: All they really wanted was a job.
Russian happens to be one of the nine languages Droujinsky speaks, but the job also required agility and urgency. ... It was an open secret in Washington that the FBI wiretapped and watched the Soviet Embassy, though a number of would-be spies either were unaware of that or thought they could avoid detection by concealing their identities. ... I first heard from an intelligence source in the mid-1990s that the FBI had a “fake Russian,” and I had chased him ever since. An FBI contact of mine cautiously confirmed that the bureau had an agent who impersonated a KGB spy handler, but would say no more. After I discovered his name buried in a news article about a court case, I found it in a phone book—a seeming stroke of luck, since most FBI agents are unlisted. But when I called the number I got his son, who has the same name. The son agreed to pass on my request for an interview, and eventually relayed his father’s reply: Sorry, but no. ... I asked him why, after all these years, he had decided to talk to me. “I’ve been out of the bureau for many years,” he told me, “and I didn’t think it would jeopardize anyone.” He deflected my offer to meet at his home, but unlike other counterspies I have interviewed, he said I was free to quote him by name. One lunch led to eight more; over ten months, the FBI’s bogus Russian discussed his life and career with a reporter for the first time.
Being underestimated – by family, classmates and colleagues – had been the theme of his life, a curse he had borne silently since childhood. But for the mission he had now embarked upon, it was a blessing. None of his co-workers or managers in the intelligence community could have imagined that he of all people was capable of masterminding a complex espionage plot. ... With fortune, he imagined, respect would follow. Those who had known him would no longer doubt his intelligence. Once and for all, he would shake off the image that had dogged him since childhood. ... The sender of the envelopes was no doubt a bona fide member of the US intelligence community, with access to “top secret” documents, intent on establishing a clandestine relationship with a foreign intelligence service. The person had, in fact, already committed espionage by giving classified information to an enemy country. Carr might as well have been looking at a warning sign for a national security threat flashing in neon red. ... As long as he could get away with it, espionage was a legitimate answer to his troubles.
America’s War with Russia’s greatest cybercriminal began in the spring of 2009, when special agent James Craig, a rookie in the FBI’s Omaha, Nebraska, field office, began looking into a strange pair of electronic thefts. ... The leading victim in the case was a subsidiary of the payments-processing giant First Data, which lost $450,000 that May. That was quickly followed by a $100,000 theft from a client of the First National Bank of Omaha. What was odd, Craig noticed, was that the thefts seemed to have been executed from the victims’ own IP addresses, using their own logins and passwords. Examining their computers, he saw that they were infected with the same malware: something called the Zeus Trojan horse. ... The ruse is known as a “man in the browser” attack. While you sit at your computer logging into seemingly secure websites, the malware modifies pages before they load, siphoning away your credentials and your account balance. Only when you log in from a different computer do you even realize the money is gone.